Gift cards

When I was a child, one of the things I loved to receive at Christmas and birthdays were gift cards. In those days it was book tokens and it meant that I could get something that I wanted rather than chosen by a rarely seen aunt who had forgotten how old I was. Later on it became record tokens but after a while these became a problem because few shops would take them where we lived. However, I think book tokens are still going strong.

In latter years everyone got into it and there was a big growth in store tokens. Everyone from the big department stores to smaller specialist chains had their own gift tokens; even some individual shops did it.

Recently there has been a move away from the denominated slip of paper with banknote like swirls, embossing, holograms and markers to a plastic card that looks like a store discount/loyalty/charge card. With this have come some security problems which are causing many people grief. The victims can be the shop or the customer and the perpetrators can be the staff, the public or third parties. I will concentrate on the problems for the customer because they have no control over the system.

The cards themselves are low security. They have a number which is duplicated by a bar code and sometimes by a magnetic stripe. Some cards also have a PIN which is initially concealed by a scratch-off covering. When the card is purchased it is “loaded” with money but this does not get recorded on the card itself but onto a central computer system. When goods are purchased with the card then the cost is deducted and any balance remains in credit. In order to provide the customer with documentary evidence a receipt is issued every time a card transaction takes place which shows how much is left on the card and this can also be checked at any time, either in a branch of the shop, by telephone or online.

How can you be conned? There are a number of holes in the system from old fashioned deception though to weaknesses in the system.

One way is that the card you are given when you buy one is not the card that was loaded with the deposit, it has been switched by the cashier. As this is likely to be a gift this is not discovered until little Johnny tries to buy his new trainers or whatever and then often not followed up because the parents don’t want to trouble the old guy that gave it because perhaps he did something wrong.

A similar switch can be pulled when spending a card with the cashier returning a different card with less on it or claiming the one presented has less on it than it does.

The other one I have heard of is even more blatant. When you buy the card, you are not given it, just a gift wallet containing the till receipt. When questioned, the cashiers have said that that is the token, there is nothing else. This was observed a few times when they were new and could have been partly down to poor staff training but in many cases they were not reported because it was thought that “aunt Millie had lost it before giving it to little Johnny.”

The cure for all of these is to observe closely everything that happens. When you get the card initially make sure the number on the card matches the one on the receipt and write that number on the inside of the gift wallet. Then when each transaction takes place, make sure the new receipt matches the same number and the card number is still the same. Also demand to have the empty card back, it is yours. If there is a significant amount of money on it then separately check the value using the phone/online system or another cashier.

There is one final scam which is enabled by the poor system design and there is not much that the customer can do about it.

The cashier selling the card has already noted the number and/or copied the card—if it is a bar code then a photocopy will do. They then spend the money on it before the legitimate owner. This is quite common around Christmas because they know that the card is unlikely to be redeemed until the January sales. It is very hard to prove that you haven’t spent it yourself because the shop has records that you have.

The flaw in the system here is that there is no interaction with the real card like there is with a Chip-and-Pin credit card. For online transactions they use the scratch-off PIN to verify that you actually have the card but in the shop there is no similar verification if you are on the inside—i.e. staff.

These observations were made on one brand (the M&S store card) but I am not picking on that one in particular because they all have similar problems. Perhaps there are some with real security but I haven’t seen one. These are being treated like real money, they are already as vulnerable as cash because there is no recovery if they are lost, yet the value can be spirited away from you without you even knowing.

This entry was posted
on 20 Jan 2010 at 12:27 by Rick and is filed under Miscellaneous, Security.
You can follow any responses to this entry through the RSS 2.0 feed.
Both comments and pings are currently closed.